SUSE-SU-2022:0690-1
See a problem?- Import Source
- https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2022:0690-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/SUSE-SU-2022:0690-1
- Related
- Published
- 2022-03-03T13:17:23Z
- Modified
- 2022-03-03T13:17:23Z
- Summary
- Security update for webkit2gtk3
- Details
-
This update for webkit2gtk3 fixes the following issues:
Update to version 2.34.5 (bsc#1195735):
- CVE-2022-22589: A validation issue was addressed with improved input sanitization.
- CVE-2022-22590: A use after free issue was addressed with improved memory management.
- CVE-2022-22592: A logic issue was addressed with improved state management.
Update to version 2.34.4 (bsc#1195064):
- CVE-2021-30934: A buffer overflow issue was addressed with improved memory handling.
- CVE-2021-30936: A use after free issue was addressed with improved memory management.
- CVE-2021-30951: A use after free issue was addressed with improved memory management.
- CVE-2021-30952: An integer overflow was addressed with improved input validation.
- CVE-2021-30953: An out-of-bounds read was addressed with improved bounds checking.
- CVE-2021-30954: A type confusion issue was addressed with improved memory handling.
- CVE-2021-30984: A race condition was addressed with improved state handling.
- CVE-2022-22594: A cross-origin issue in the IndexDB API was addressed with improved input validation.
The following CVEs were addressed in a previous update:
- CVE-2021-45481: Incorrect memory allocation in WebCore::ImageBufferCairoImageSurfaceBackend::create.
- CVE-2021-45482: A use-after-free in WebCore::ContainerNode::firstChild.
- CVE-2021-45483: A use-after-free in WebCore::Frame::page.
- References
-
- https://www.suse.com/support/update/announcement/2022/suse-su-20220690-1/
- https://bugzilla.suse.com/1195064
- https://bugzilla.suse.com/1195735
- https://www.suse.com/security/cve/CVE-2021-30934
- https://www.suse.com/security/cve/CVE-2021-30936
- https://www.suse.com/security/cve/CVE-2021-30951
- https://www.suse.com/security/cve/CVE-2021-30952
- https://www.suse.com/security/cve/CVE-2021-30953
- https://www.suse.com/security/cve/CVE-2021-30954
- https://www.suse.com/security/cve/CVE-2021-30984
- https://www.suse.com/security/cve/CVE-2021-45481
- https://www.suse.com/security/cve/CVE-2021-45482
- https://www.suse.com/security/cve/CVE-2021-45483
- https://www.suse.com/security/cve/CVE-2022-22589
- https://www.suse.com/security/cve/CVE-2022-22590
- https://www.suse.com/security/cve/CVE-2022-22592
- https://www.suse.com/security/cve/CVE-2022-22594
Affected packages
SUSE:HPE Helion OpenStack 8 / webkit2gtk3
Package
- Name
- webkit2gtk3
- Purl
- purl:rpm/suse/webkit2gtk3&distro=HPE%20Helion%20OpenStack%208
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.34.5-2.85.3
Ecosystem specific
{
"binaries": [
{
"typelib-1_0-JavaScriptCore-4_0": "2.34.5-2.85.3",
"libjavascriptcoregtk-4_0-18": "2.34.5-2.85.3",
"webkit2gtk-4_0-injected-bundles": "2.34.5-2.85.3",
"libwebkit2gtk-4_0-37": "2.34.5-2.85.3",
"libwebkit2gtk3-lang": "2.34.5-2.85.3",
"typelib-1_0-WebKit2WebExtension-4_0": "2.34.5-2.85.3",
"typelib-1_0-WebKit2-4_0": "2.34.5-2.85.3"
}
]
}
SUSE:OpenStack Cloud 8 / webkit2gtk3
Package
- Name
- webkit2gtk3
- Purl
- purl:rpm/suse/webkit2gtk3&distro=SUSE%20OpenStack%20Cloud%208
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.34.5-2.85.3
Ecosystem specific
{
"binaries": [
{
"typelib-1_0-JavaScriptCore-4_0": "2.34.5-2.85.3",
"libjavascriptcoregtk-4_0-18": "2.34.5-2.85.3",
"webkit2gtk-4_0-injected-bundles": "2.34.5-2.85.3",
"libwebkit2gtk-4_0-37": "2.34.5-2.85.3",
"libwebkit2gtk3-lang": "2.34.5-2.85.3",
"typelib-1_0-WebKit2WebExtension-4_0": "2.34.5-2.85.3",
"typelib-1_0-WebKit2-4_0": "2.34.5-2.85.3"
}
]
}
SUSE:OpenStack Cloud 9 / webkit2gtk3
Package
- Name
- webkit2gtk3
- Purl
- purl:rpm/suse/webkit2gtk3&distro=SUSE%20OpenStack%20Cloud%209
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.34.5-2.85.3
Ecosystem specific
{
"binaries": [
{
"typelib-1_0-JavaScriptCore-4_0": "2.34.5-2.85.3",
"libjavascriptcoregtk-4_0-18": "2.34.5-2.85.3",
"webkit2gtk-4_0-injected-bundles": "2.34.5-2.85.3",
"libwebkit2gtk-4_0-37": "2.34.5-2.85.3",
"libwebkit2gtk3-lang": "2.34.5-2.85.3",
"typelib-1_0-WebKit2WebExtension-4_0": "2.34.5-2.85.3",
"typelib-1_0-WebKit2-4_0": "2.34.5-2.85.3"
}
]
}
SUSE:OpenStack Cloud Crowbar 8 / webkit2gtk3
Package
- Name
- webkit2gtk3
- Purl
- purl:rpm/suse/webkit2gtk3&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.34.5-2.85.3
Ecosystem specific
{
"binaries": [
{
"typelib-1_0-JavaScriptCore-4_0": "2.34.5-2.85.3",
"libjavascriptcoregtk-4_0-18": "2.34.5-2.85.3",
"webkit2gtk-4_0-injected-bundles": "2.34.5-2.85.3",
"libwebkit2gtk-4_0-37": "2.34.5-2.85.3",
"libwebkit2gtk3-lang": "2.34.5-2.85.3",
"typelib-1_0-WebKit2WebExtension-4_0": "2.34.5-2.85.3",
"typelib-1_0-WebKit2-4_0": "2.34.5-2.85.3"
}
]
}
SUSE:OpenStack Cloud Crowbar 9 / webkit2gtk3
Package
- Name
- webkit2gtk3
- Purl
- purl:rpm/suse/webkit2gtk3&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.34.5-2.85.3
Ecosystem specific
{
"binaries": [
{
"typelib-1_0-JavaScriptCore-4_0": "2.34.5-2.85.3",
"libjavascriptcoregtk-4_0-18": "2.34.5-2.85.3",
"webkit2gtk-4_0-injected-bundles": "2.34.5-2.85.3",
"libwebkit2gtk-4_0-37": "2.34.5-2.85.3",
"libwebkit2gtk3-lang": "2.34.5-2.85.3",
"typelib-1_0-WebKit2WebExtension-4_0": "2.34.5-2.85.3",
"typelib-1_0-WebKit2-4_0": "2.34.5-2.85.3"
}
]
}
SUSE:Linux Enterprise Server for SAP Applications 12 SP3 / webkit2gtk3
Package
- Name
- webkit2gtk3
- Purl
- purl:rpm/suse/webkit2gtk3&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.34.5-2.85.3
Ecosystem specific
{
"binaries": [
{
"typelib-1_0-JavaScriptCore-4_0": "2.34.5-2.85.3",
"libjavascriptcoregtk-4_0-18": "2.34.5-2.85.3",
"webkit2gtk-4_0-injected-bundles": "2.34.5-2.85.3",
"libwebkit2gtk-4_0-37": "2.34.5-2.85.3",
"libwebkit2gtk3-lang": "2.34.5-2.85.3",
"typelib-1_0-WebKit2WebExtension-4_0": "2.34.5-2.85.3",
"typelib-1_0-WebKit2-4_0": "2.34.5-2.85.3"
}
]
}
SUSE:Linux Enterprise Server for SAP Applications 12 SP4 / webkit2gtk3
Package
- Name
- webkit2gtk3
- Purl
- purl:rpm/suse/webkit2gtk3&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.34.5-2.85.3
Ecosystem specific
{
"binaries": [
{
"typelib-1_0-JavaScriptCore-4_0": "2.34.5-2.85.3",
"libjavascriptcoregtk-4_0-18": "2.34.5-2.85.3",
"webkit2gtk-4_0-injected-bundles": "2.34.5-2.85.3",
"libwebkit2gtk-4_0-37": "2.34.5-2.85.3",
"libwebkit2gtk3-lang": "2.34.5-2.85.3",
"typelib-1_0-WebKit2WebExtension-4_0": "2.34.5-2.85.3",
"typelib-1_0-WebKit2-4_0": "2.34.5-2.85.3"
}
]
}
SUSE:Linux Enterprise Software Development Kit 12 SP5 / webkit2gtk3
Package
- Name
- webkit2gtk3
- Purl
- purl:rpm/suse/webkit2gtk3&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5
SUSE:Linux Enterprise Server 12 SP2-BCL / webkit2gtk3
Package
- Name
- webkit2gtk3
- Purl
- purl:rpm/suse/webkit2gtk3&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCL
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.34.5-2.85.3
Ecosystem specific
{
"binaries": [
{
"typelib-1_0-WebKit2-4_0": "2.34.5-2.85.3",
"typelib-1_0-JavaScriptCore-4_0": "2.34.5-2.85.3",
"libjavascriptcoregtk-4_0-18": "2.34.5-2.85.3",
"webkit2gtk-4_0-injected-bundles": "2.34.5-2.85.3",
"libwebkit2gtk-4_0-37": "2.34.5-2.85.3",
"libwebkit2gtk3-lang": "2.34.5-2.85.3",
"typelib-1_0-WebKit2WebExtension-4_0": "2.34.5-2.85.3",
"webkit2gtk3-devel": "2.34.5-2.85.3"
}
]
}
SUSE:Linux Enterprise Server 12 SP3-LTSS / webkit2gtk3
Package
- Name
- webkit2gtk3
- Purl
- purl:rpm/suse/webkit2gtk3&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-LTSS
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.34.5-2.85.3
Ecosystem specific
{
"binaries": [
{
"typelib-1_0-JavaScriptCore-4_0": "2.34.5-2.85.3",
"libjavascriptcoregtk-4_0-18": "2.34.5-2.85.3",
"webkit2gtk-4_0-injected-bundles": "2.34.5-2.85.3",
"libwebkit2gtk-4_0-37": "2.34.5-2.85.3",
"libwebkit2gtk3-lang": "2.34.5-2.85.3",
"typelib-1_0-WebKit2WebExtension-4_0": "2.34.5-2.85.3",
"typelib-1_0-WebKit2-4_0": "2.34.5-2.85.3"
}
]
}
SUSE:Linux Enterprise Server 12 SP3-BCL / webkit2gtk3
Package
- Name
- webkit2gtk3
- Purl
- purl:rpm/suse/webkit2gtk3&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-BCL
SUSE:Linux Enterprise Server 12 SP4-LTSS / webkit2gtk3
Package
- Name
- webkit2gtk3
- Purl
- purl:rpm/suse/webkit2gtk3&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-LTSS
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.34.5-2.85.3
Ecosystem specific
{
"binaries": [
{
"typelib-1_0-JavaScriptCore-4_0": "2.34.5-2.85.3",
"libjavascriptcoregtk-4_0-18": "2.34.5-2.85.3",
"webkit2gtk-4_0-injected-bundles": "2.34.5-2.85.3",
"libwebkit2gtk-4_0-37": "2.34.5-2.85.3",
"libwebkit2gtk3-lang": "2.34.5-2.85.3",
"typelib-1_0-WebKit2WebExtension-4_0": "2.34.5-2.85.3",
"typelib-1_0-WebKit2-4_0": "2.34.5-2.85.3"
}
]
}
SUSE:Linux Enterprise Server 12 SP5 / webkit2gtk3
Package
- Name
- webkit2gtk3
- Purl
- purl:rpm/suse/webkit2gtk3&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.34.5-2.85.3
Ecosystem specific
{
"binaries": [
{
"typelib-1_0-JavaScriptCore-4_0": "2.34.5-2.85.3",
"libjavascriptcoregtk-4_0-18": "2.34.5-2.85.3",
"webkit2gtk-4_0-injected-bundles": "2.34.5-2.85.3",
"libwebkit2gtk-4_0-37": "2.34.5-2.85.3",
"libwebkit2gtk3-lang": "2.34.5-2.85.3",
"typelib-1_0-WebKit2WebExtension-4_0": "2.34.5-2.85.3",
"typelib-1_0-WebKit2-4_0": "2.34.5-2.85.3"
}
]
}
SUSE:Linux Enterprise Server for SAP Applications 12 SP5 / webkit2gtk3
Package
- Name
- webkit2gtk3
- Purl
- purl:rpm/suse/webkit2gtk3&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.34.5-2.85.3
Ecosystem specific
{
"binaries": [
{
"typelib-1_0-JavaScriptCore-4_0": "2.34.5-2.85.3",
"libjavascriptcoregtk-4_0-18": "2.34.5-2.85.3",
"webkit2gtk-4_0-injected-bundles": "2.34.5-2.85.3",
"libwebkit2gtk-4_0-37": "2.34.5-2.85.3",
"libwebkit2gtk3-lang": "2.34.5-2.85.3",
"typelib-1_0-WebKit2WebExtension-4_0": "2.34.5-2.85.3",
"typelib-1_0-WebKit2-4_0": "2.34.5-2.85.3"
}
]
}